Sunday, December 2, 2018

Cypher PowerShell wrapper v1


Using a Powershell wrapper to securely authenticate to Neo4J to execute CYPHER using Bolt.



I've been busily developing some of my automation leveraging Neo4j with our CommitCRM and Check_MK (Nagios) monitoring platform.

I wanted to automate my process for updating the graph database and generating tickets.  In order to do this securely I wanted to execute CYPHER scripts with windows task scheduler.

To make this easier I've built a powershell wrapper to run my scripts.  This consists of defining a neo4j datasource with the server location, user and password:

ServerURL bolt://server.fqdn.or.ip:7687
DSPW         01000000d08c9ddf0115d1118c7a00c04fc297e...
DSUser        neo4j


Download/install the Neo4j.Driver nuget package

Check out this post by Glenn Sarti for more information.


Configure your datasource:


First you will be prompted to locate the Neo4j.Driver.

















Next supply the datasource name









Now the URL to your Neo4j database









Then the user/password

















Now the script will attempt to connect using the provided information, and if successful will store the information in your registry under HKCU\Software\neo4j-wrapper\Datasource\your-datasource-name.

set-n4credentials.ps1 can be used to store multiple named datasources and will store each server URL, user, and password combination within a seperate reg key


Retrieve the datasource

Now you can use the execute-cypher-query.ps1 to securely retrieve the credentials from the registry and run your CYPHER code within powershell.

If the server is accessible and the credentials are correct, it will run whatever cypher code you run in the $query variable.  For example I've included a simple query to count the number of nodes in the graph database and return the results.





















and here's the output:


















In Summary

This should provide a secure way to run CYPHER scripts natively from powershell using the BOLT protocol. to allow for authentication without putting clear-text passwords within your powershell scripts.
Here's the example scripts in github
In a future version I'd like to use paramters to provide external .cypher scripts to run to truly use this as a wrapper.  I'd also like to store datasources that I reference fromWITHIN my cypher scripts.  (for instance apoc.load.json where I am required to provide API key or user credentials within the URL or as a header).